BIOS security updates
This article gives an overview of the available information about BIOS updates of the different socket versions for Thomas-Krenn motherboards. More detailed information can be found in the listed tables and in the linked articles.
Multi-CPU architectures
You can find information about the available BIOS security updates for multi-CPU architectures in these articles:
- BIOS security updates LGA 4189 - 3rd Gen Intel Xeon Scalable processors
- BIOS security updates LGA 3647 - 1st and 2nd Gen Intel Xeon Scalable processors
- BIOS security updates LGA 2011-3 - Intel Xeon processors Haswell and Broadwell
- BIOS security updates LGA 2011 - Intel Xeon Sandy Bridge and Ivy Bridge
Single-CPU architectures
The following architectures exclusively support Single-CPU systems and are used in the desktop and Single-CPU server area. You can find information about the available BIOS security updates in these articles:
- BIOS security updates LGA 1151-2 - Intel Core processors 8th and 9th generation
- BIOS security updates LGA 1151 - Intel Core processors 6th and 7th generation
- BIOS security updates LGA 1150 - Intel Core processors 4th and 5th generation
- BIOS security updates LGA 1155 - Intel Core processors 2nd and 3rd generation
Celeron N/J based systems
Security updates from 2022
The table below lists the security updates released as of 2022.
Security update | 2022.1 IPU INTEL-SA-00601 INTEL-SA-00613 INTEL-SA-00614 INTEL-SA-00616 INTEL-SA-00617 |
---|---|
Update Microcode | yes |
Update SPS | under investigation |
Update Platform Sample / Silicon Reference firmware | under investigation |
Update BIOS ACM firmware / SINIT ACM firmware | yes |
LES v2 (Celeron N2930) | not affected |
LES v3 (Celeron N3160) | not affected |
LES compact 4L (Celeron J3160) | not affected |
LES network (Celeron J1900) | not affected |
LES network v2 (Celeron J3455) | affected, Microcode update necessary |
Security updates until 2021
The table below lists the security updates released through the end of 2021.
Security update | 2021.2 IPU INTEL-SA-00528 INTEL-SA-00562 |
2021.1 IPU INTEL-SA-00442 INTEL-SA-00459 INTEL-SA-00463 INTEL-SA-00464 INTEL-SA-00465 |
2020.2 IPU INTEL-SA-00381 INTEL-SA-00389 INTEL-SA-00391 |
2020-09-08 INTEL-SA-00347 INTEL-SA-00356 INTEL-SA-00404 |
2020.1 IPU INTEL-SA-00295 INTEL-SA-00320 INTEL-SA-00322 |
2020-01 INTEL-SA-00329 |
2019-12 INTEL-SA-00289 INTEL-SA-00317 |
2019.2 IPU INTEL-SA-00220 INTEL-SA-00241 INTEL-SA-00254 INTEL-SA-00270 |
2019.1 QSR INTEL-SA-00213 INTEL-SA-00223 Microarchitectural Data Sampling - ZombieLoad INTEL-SA-00233 |
2018.4 QSR INTEL-SA-00185 INTEL-SA-00191 |
Intel ME, CSME, SPS und TXE INTEL-SA-00125 INTEL-SA-00141 INTEL-SA-00142 |
Spectre V3a and V4, Foreshadow L1 Terminal Fault INTEL-SA-00115 INTEL-SA-00161 |
Spectre Variant 2 INTEL-SA-00088 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Update Microcode | yes | yes | yes | under investigation | yes | yes | yes | yes | yes | - | - | yes | yes |
Update SPS | under investigation | yes | yes | under investigation | yes | - | - | yes | yes | yes SPS >= 4.00.04.383 SPS >=4.01.02.174 |
yes | - | - |
Update Platform Sample / Silicon Reference firmware | under investigation | under investigation | under investigation | under investigation | under investigation | - | - | yes | under investigation | yes | - | - | - |
Update BIOS ACM firmware / SINIT ACM firmware | under investigation | under investigation | under investigation | under investigation | under investigation | - | - | yes | ? | ? | ? | ? | ? |
LES v2 (Celeron N2930) | not affected | BIOS HU93K313 | not affected | BIOS HU93K310 | |||||||||
LES v3 (Celeron N3160) | not affected | BIOS BASUIT06 | not affected | BIOS BASUIT05.2 | |||||||||
LES compact 4L (Celeron J3160) | not affected | BIOS BSW4L008 | not affected | BIOS YLBWL412 | |||||||||
LES network (Celeron J1900) | not affected | BIOS BAR1NH04 | not affected | BIOS BAR1NH02.4 | |||||||||
LES network v2 (Celeron J3455) | affected, Microcode update necessary | affected, Microcode update necessary | BIOS BAT8NT41 | not affected | BIOS BAT8NT32 | BIOS BAT8NT03 |
Atom based systems
- SPS Version (SoC-A): 04.00.04.1xx
Security updates from 2022
The table below lists the security updates released as of 2022.
Security update | 2022.1 IPU INTEL-SA-00601 INTEL-SA-00613 INTEL-SA-00614 INTEL-SA-00616 INTEL-SA-00617 |
---|---|
Advantech ASMB-260T2-22A1 | affected, Microcode update necessary |
Supermicro A2SDi-4C-HLN4F (Atom C3558) | BIOS 1.8 (in development) |
Security updates until 2021
The table below lists the security updates released through the end of 2021.
Security update | 2021.2 IPU INTEL-SA-00528 INTEL-SA-00562 |
2021.1 IPU INTEL-SA-00442 INTEL-SA-00459 INTEL-SA-00463 INTEL-SA-00464 INTEL-SA-00465 |
2020.2 IPU INTEL-SA-00381 INTEL-SA-00389 INTEL-SA-00391 |
2020-09-08 INTEL-SA-00347 INTEL-SA-00356 INTEL-SA-00404 |
2020.1 IPU INTEL-SA-00295 INTEL-SA-00320 INTEL-SA-00322 |
2020-01 INTEL-SA-00329 |
2019-12 INTEL-SA-00289 INTEL-SA-00317 |
2019.2 IPU INTEL-SA-00220 INTEL-SA-00241 INTEL-SA-00254 INTEL-SA-00270 |
2019.1 QSR INTEL-SA-00213 INTEL-SA-00223 Microarchitectural Data Sampling - ZombieLoad INTEL-SA-00233 |
2018.4 QSR INTEL-SA-00185 INTEL-SA-00191 |
Intel ME, CSME, SPS und TXE INTEL-SA-00125 INTEL-SA-00141 INTEL-SA-00142 |
Spectre V3a and V4, Foreshadow L1 Terminal Fault INTEL-SA-00115 INTEL-SA-00161 |
Spectre Variant 2 INTEL-SA-00088 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Advantech ASMB-260T2-22A1 | affected, Microcode update necessary | affected, Microcode and ME firmware update necessary | under investigation | under investigation | under investigation | under investigation | under investigation | n/a (under investigation) | n/a (under investigation) | n/a | n/a | n/a | n/a |
Supermicro A2SDi-4C-HLN4F (Atom C3558) | BIOS 1.6 (in development) | affected, Microcode and ME firmware update necessary | not affected | BIOS 1.3 | under investigation | under investigation | BIOS 1.2 |
Desktop systems
Security updates from 2022
The table below lists the security updates released as of 2022.
Security update | 2022.1 IPU INTEL-SA-00601 INTEL-SA-00613 INTEL-SA-00614 INTEL-SA-00616 INTEL-SA-00617 |
---|---|
Intel Skylake / Kaby Lake / Coffee Lake platform | |
ASUS TUF X299 Mark 2 (ME Version 11.11.*) | under investigation |
ASUS H170M-Plus (ME Version 11.8.*) | under investigation |
ASUS H270M-Plus (ME Version 11.8.*) | under investigation |
ASUS H370M-Plus (ME Version 12.0.*) | under investigation |
ASUS H570M-Plus (ME Version 15.0.*) | under investigation |
ASUS H570-Plus (ME Version 15.0.*) | under investigation |
Intel Haswell / Broadwell platform | |
ASUS H97M-E | under investigation |
ASUS X99-WS/IPMI | under investigation |
Security updates until 2021
The table below lists the security updates released through the end of 2021.
Security update | 2021.2 IPU INTEL-SA-00528 INTEL-SA-00562 |
2021.1 IPU INTEL-SA-00442 INTEL-SA-00459 INTEL-SA-00463 INTEL-SA-00464 INTEL-SA-00465 |
2020.2 IPU INTEL-SA-00381 INTEL-SA-00389 INTEL-SA-00391 |
2020-09-08 INTEL-SA-00347 INTEL-SA-00356 INTEL-SA-00404 |
2020.1 IPU INTEL-SA-00295 INTEL-SA-00320 INTEL-SA-00322 |
2020-01 INTEL-SA-00329 |
2019-12 INTEL-SA-00289 INTEL-SA-00317 |
2019.2 IPU INTEL-SA-00220 INTEL-SA-00241 INTEL-SA-00254 INTEL-SA-00270 |
2019.1 QSR INTEL-SA-00213 INTEL-SA-00223 Microarchitectural Data Sampling - ZombieLoad INTEL-SA-00233 |
2018.4 QSR INTEL-SA-00185 INTEL-SA-00191 |
Intel ME, CSME, SPS und TXE INTEL-SA-00125 INTEL-SA-00141 INTEL-SA-00142 |
Spectre V3a and V4, Foreshadow L1 Terminal Fault INTEL-SA-00115 INTEL-SA-00161 |
Spectre Variant 2 INTEL-SA-00088 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Intel Skylake / Kaby Lake / Coffee Lake platform | |||||||||||||
ASUS TUF X299 Mark 2 (ME Version 11.11.*) | affected, Microcode update necessary | affected, Microcode and ME firmware update necessary | BIOS 3105 | affected, Microcode update necessary | BIOS 3006 | BIOS 1902 | BIOS 1704 | BIOS 1503 | n/a | BIOS 1503 | |||
ASUS H170M-Plus (ME Version 11.8.*) | not affected | affected, Microcode and ME firmware update necessary | affected, Microcode update necessary | under investigation, ME 11.8.70 necessary | under investigation | under investigation | available: MEUpdateTool 11.8.55.3510 | n/a | BIOS 3805 | ||||
ASUS H270M-Plus (ME Version 11.8.*) | not affected | affected, Microcode and ME firmware update necessary | affected, Microcode update necessary | under investigation, ME 11.8.70 necessary | BIOS 1604 | under investigation | available: MEUpdateTool 11.8.55.3510 | n/a | BIOS 1205 | ||||
ASUS H370M-Plus (ME Version 12.0.*) | affected, Microcode update necessary | affected, Microcode and ME firmware update necessary | BIOS 2201 | affected, Microcode update necessary |
BIOS 1901 ME Update available: MEUpdateTool 12.0.49.1534 |
BIOS 1502 | BIOS 1202 | BIOS 0904 | ME 12.0.6.1120 | BIOS 1101 | BIOS 1101 | |||
ASUS H570M-Plus (ME Version 15.0.*) | affected, Microcode update necessary | affected, Microcode and ME firmware update necessary | BIOS 0820 | ||||||||||
ASUS H570-Plus (ME Version 15.0.*) | affected, Microcode update necessary | BIOS 1017 | |||||||||||
Intel Haswell / Broadwell platform | |||||||||||||
ASUS H97M-E | under investigation | under investigation | under investigation | under investigation | affected, Microcode and ME firmware update necessary | not affected | under investigation | not affected | INTEL-SA-00141 affected, ME 10.0.60 necessary (in development) | n/a | n/a | ||
ASUS X99-WS/IPMI | under investigation | under investigation | under investigation | under investigation | not affected | affected (6th Generation Core i7) | not affected | BIOS 4001 | not affected | not affected | BIOS 3803 | BIOS 3703 |
AMD based systems
For information about BIOS updates for AMD based systems, see this article:
Microcode updates via the operating system
In the case of security flaws that affect the CPU microcode (e.g. Spectre or L1TF), the microcode can in many cases be alternatively applied via the operating system.
Further information
- Security Vulnerabilities Table (www.supermicro.com)
References
Author: Thomas Niedermeier Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.
|
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|